On March 25, 2015, the Canadian Radio-television and Tele-communications Commission (“CRTC”) announced that the Vancouver-based, online dating service PlentyofFish paid $48,000 as part of a voluntary settlement of an alleged violation of Canada’s anti-spam law (commonly known as “CASL”). The alleged CASL violation related to the sending of commercial electronic messages that included a deficient unsubscribe mechanism.
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages (“CEMs”), the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud.
For most organizations, the key parts of CASL are the rules for CEMs. Subject to limited exceptions, CASL prohibits the sending of a CEM unless the recipient has given informed consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (including an effective and promptly implemented unsubscribe mechanism) and is not misleading.
CASL and its regulations require that a regulated CEM “clearly and prominently set out” an unsubscribe mechanism that is “able to be readily performed”. CRTC guidance explains that an unsubscribe mechanism must be accessible “without difficulty or delay” and should be “simple, quick and easy” for a consumer to use.
Violation of CASL’s CEM rules can result in severe administrative penalties (up to $1 million per violation for individuals and up to $10 million per violation for organizations), civil liability through a private right of action (commencing July 1, 2017) and vicarious liability on employers, directors and officers. CASL gives the CRTC regulatory and enforcement authority regarding CEMs and other matters.
Acting on complaints, the CRTC investigated PlentyofFish’s alleged sending of CEMs, to registered users of the online dating service, with an unsubscribe mechanism that was not clearly and prominently set out and which could not be readily performed.
Once made aware of the CRTC investigation, PlentyofFish updated its unsubscribe mechanism to be CASL compliant. PlentyofFish then entered into a voluntary settlement (known as an “undertaking”) with CRTC, which includes a $48,000 payment and a commitment by PlentyofFish to develop and implement a CASL compliance program, including training and education of staff and corporate policies and procedures for CASL compliance.
The CRTC’s Chief Compliance and Enforcement Officer explained: “This case is an important reminder to businesses that they need to review their unsubscribe mechanisms to ensure they are clearly and prominently set out and can be readily performed. We appreciate that Plentyoffish Media changed its practices once it became aware of the problem.”